user.js

mirror of https://github.com/arkenfox/user.js.git synced 2025-04-22 00:19:28 -04:00

Go to file

I did some digging into what exactly snippets are and how it works ...

Snippets = information about mozilla and firefox like tips + tricks and things they want to highlight or advertise, etc. (~4MB of data with CSS, HTML + JS)
If you want to see the data, load [this](https://snippets.cdn.mozilla.net/5/Firefox/63.0/20181018182531/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/) and look at the response.

"Updates from Mozilla and Firefox", as it says in the UI, doesn't sound that bad but it includes [metrics](https://abouthome-snippets-service.readthedocs.io/en/latest/data_collection.html#metrics), geolocation stuff and runs JS code received from a server (AKA remote code execution).

When I saw that it allows RCE I tried to inject code via the URL but "data" URIs don't work anymore because Activity Stream is now protected with a CSP.

Should we add something like `Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server`? Because "Updates from Mozilla and Firefox" makes it sound kind of tempting and a lot less shitty than it really is, IMHO.

The link we had in 0370 is more intended for mozilla devs and not very useful for end users.
https://abouthome-snippets-service.readthedocs.io/ is better

ps: do we really want all those "has setting" ?

2018-12-11 11:22:30 +00:00

scratchpad-scripts

browser.crashReports.unsubmittedCheck.autoSubmit

2018-11-26 15:33:36 +00:00

wikipiki

Add files via upload

2018-10-28 03:57:54 +13:00

_config.yml

Update _config.yml

2018-10-27 16:29:34 +00:00

.gitattributes

Update .gitattributes

2018-08-06 22:31:21 +00:00

.travis.yml

Added Travis CI configuration

2017-03-01 00:11:05 +02:00

LICENSE.txt

Create LICENSE.txt

2017-02-18 08:57:08 +13:00

prefsCleaner.bat

P*tches for B*tches (#483 )

2018-08-12 11:56:47 +00:00

prefsCleaner.sh

v1.1 regex fix (#409 )

2018-04-25 22:56:54 +02:00

README.md

Update README.md

2018-12-10 19:26:17 +00:00

updater.bat

fix -updatebatch (#484 )

2018-08-13 12:39:24 +00:00

updater.sh

updater.sh: add -e option for ESR users (#565 )

2018-12-01 14:47:58 +00:00

user.js

Update user.js

2018-12-11 11:22:30 +00:00

README.md

user.js

A user.js is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the overview wiki page.

ghacks user.js

The ghacks user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).

Everyone, experts included, should at least read the implementation wiki page, as it contains important information regarding a few ghacks user.js settings.

Note that we do not recommend connecting over Tor on Firefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services.

Also be aware that this user.js is made specifically for Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.

Sitemap: Releases, changelogs, Wiki, stickies. diffs

acknowledgments

Literally thousands of sources, references and suggestions. That said...

Martin Brinkmann at ghacks ¹
The ghacks community and commentators
12bytes
- The 12bytes article now uses this user.js and supplements it with an additional JS hosted at GitLab

¹ The ghacks user.js was an independent project by Thorin-Oakenpants started in early 2015 and was first published at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.